|
Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
|
Brought to you by:
KPMG – Go to www.kpmg.us/ai to learn more about how KPMG can help you drive value with our AI solutions.
Vanta - Simplify compliance - https://vanta.com/nlw
The AI Daily Brief helps you understand the most important news and discussions in AI.
Subscribe to the podcast version of The AI Daily Brief wherever you listen: https://pod.link/1680633614
Get it ad free at
Join our Discord: https://bit.ly/aibreakdown
Scott and Wes sit down with Kent C. Dodds to break down MCP, context engineering, and what it really takes to build effective AI-powered tools. They dig into practical examples, UI patterns, performance tradeoffs, and whether the future of the web lives in chat or the browser.
Syntax: X Instagram Tiktok LinkedIn Threads
Wes: X Instagram Tiktok LinkedIn Threads
Scott: X Instagram Tiktok LinkedIn Threads
Randy: X Instagram YouTube Threads
Read the full Show Notes and search through the world's largest audio library on Agile and Scrum directly on the Scrum Master Toolbox Podcast website: http://bit.ly/SMTP_ShowNotes.
"I forgot a couple key things. Number one, they don't have the enthusiasm and love for these new ways of working like I do because they didn't understand the problem that they were in." - Felipe Engineer-Manriquez
Felipe shares a powerful failure story from his early days adopting Lean and Agile in construction. After discovering Jeff Sutherland's "Red Book" and experiencing incredible results using Scrum with his 4-year-old son on a weekend project, he was eager to bring these methods to his construction team. The problem? He immediately went into teaching mode. His boss Nate and the rest of the team wanted nothing to do with Scrum—they Googled it, saw it was "a software thing," and shut down completely. This is what Felipe now calls the "Not Invented Here Syndrome"—people resist ideas that don't originate from their domain. The breakthrough came when Felipe stopped teaching and started doing. He calls it the "ninja Scrum approach"—embodying the processes and tools without labeling them, making work visible, and delivering results.
When he managed $25 million worth of scopes using these methods silently, one project manager named Tom stopped him and said, "We've never come to a project where people held their promises." Within a year, even his resistant boss Nate acknowledged the transformation in a post-mortem review. The lesson: don't teach until people pull for the teaching.
In this episode, we refer to NoEstimates and Scrum: The Art of Doing Twice the Work in Half the Time by Jeff Sutherland.
Self-reflection Question: When you introduce new practices to a team, do you wait until they pull for the teaching, or do you default to explaining before they've seen the value?
[The Scrum Master Toolbox Podcast Recommends]
Angela thought she was just there to coach a team. But now, she's caught in the middle of a corporate espionage drama that could make or break the future of digital banking. Can she help the team regain their mojo and outwit their rivals, or will the competition crush their ambitions? As alliances shift and the pressure builds, one thing becomes clear: this isn't just about the product—it's about the people.
🚨 Will Angela's coaching be enough? Find out in Shift: From Product to People—the gripping story of high-stakes innovation and corporate intrigue.
[The Scrum Master Toolbox Podcast Recommends]
About Felipe Engineer-Manriquez
Felipe Engineer-Manriquez is a best-selling author, international speaker, and host of The EBFC Show. A force in Lean and Agile, he helps teams build faster with less effort. Felipe trains and coaches changemakers worldwide—and wrote Construction Scrum to make work easier, better, and faster for everyone.
You can link with Felipe Engineer-Manriquez on LinkedIn.
You can also find Felipe at thefelipe.bio.link, check out The EBFC Show podcast, and join the EBFC Scrum Community of Practice.
The votes are in, and the time has come to reveal the winners of the 17th Annual Trader Joe's Customer Choice Awards! Seventeen years of celebrating our customers' favorite products, as voted by you, our customers. It's just as exciting to us this year as it was in year one.
Favorite cheese? It's here. Favorite snack? It's a crunchy one. Favorite Trader Joe's product overall? It's delicious! We have the results, including a couple of surprises – headscratchers, really, and we're here for 'em. Listen in for all the details, and visit traderjoes.com for the full list. We close out this episode with a little self-indulgence (even more than usual!), and a look toward what's ahead.
We’ve reached yet another milestone in Excel for the web: The full Power Query user experience is now generally available, including the import wizard and Power Query Editor.
After we released the ability to refresh Power Query data from authenticated data sources, we were able to unlock the ability to complete the full user journey of importing data and editing it using Power Query.
Go here to learn all about Power Query in Excel for the web: https://aka.ms/pqxlo
See this support article for more information on Power Query data sources in Excel versions.
Note:
Viewing and refreshing queries is available to all Microsoft 365 Subscribers.
The full Power Query experience is available to all Microsoft 365 Subscribers with Business or Enterprise plans.
You can import data into Excel using Power Query from a wide variety of data sources, for example: Excel Workbook, Text/CSV, XML, JSON, SQL Server Database, SharePoint Online List, OData, Blank Table, and Blank Query.
Future plans include adding data sources and advanced features.
We hope you like this new addition to Excel and we’d love to hear what you think about it!
Let us know by using the Feedback button in the top right corner in Excel - add #PowerQuery in your feedback so that we can find it easily.
Want to know more about Excel for the web? See What's new in Excel for the web and subscribe to our Excel Blog to get the latest updates. Stay connected with us and other Excel fans around the world – join our Excel Community and follow us on Twitter.
Jonathan Kahati, Gal Horowitz
~ Excel Team
Many security issues in applications come from the database layer: poorly written queries, dynamic SQL, or code that exposes more data than it should. These problems are often hard to spot, especially in large or older codebases.
The MSSQL extension for VS Code (v1.37+) now integrates GitHub Copilot with a dedicated chat participant: mssql.
One of its most useful capabilities is the Security Analyzer, which reviews your T-SQL code and highlights potential security weaknesses.
This is not just a generic AI model reading text. The tool connects to your SQL Server or Azure SQL database and uses the real context of your environment: your schema, tables, views, and stored procedures. That context allows it to give much more precise and relevant guidance.
The Security Analyzer supports: • SQL Server 2019, 2022, 2025 (Windows, Linux, containers) • Azure SQL Database • Azure SQL Managed Instance • SQL database in Fabric
If you run a mix of on-premises, cloud, or older environments, you can still use the same tool and interface across them.
Based on the official documentation and early testing, typical use cases include:
1️⃣ Detecting SQL injection risks It reviews stored procedures and queries to find unsafe dynamic SQL, string concatenations used to build queries, or risky use of EXEC. These patterns are common entry points for SQL injection attacks.
2️⃣ Identifying data overexposure It can point out views or queries that return sensitive columns (such as personal data or credentials) without masking or filtering them appropriately.
3️⃣ Recommending stronger protections It suggests improvements such as encrypting connections, using Always Encrypted, applying Dynamic Data Masking, or preferring Entra ID authentication instead of storing credentials in code or configuration.
4️⃣ Illustrating how an attack might work In some cases, it can generate realistic SQL injection payload examples based on your schema. This helps you understand the practical impact of a vulnerability, not just the theory.
You will need: • VS Code with the MSSQL extension (v1.37+) • Your GitHub Copilot subscription • A connection to a SQL Server or Azure SQL database (a dev database is recommended) Sample DB: https://github.com/Microsoft/sql-server-samples/releases/tag/wide-world-importers-v1.0
As a starting point, connect to a sample or development database (for example, AdventureWorks). Then open the Copilot chat and try prompts such as:
"@mssql Review the stored procedure SalesLT.uspGetCustomerOrderHistory for potential SQL injection vulnerabilities"
"@mssql What security best practices should I verify for the SalesLT schema?"
The tool will analyze the referenced objects and return recommendations based on the real structure of your database.
It is possible that the AI‑generated content is incorrect. You remain responsible for reviewing, validating, and approving it before any use. Do not rely on this output without thorough human verification. Not intended for production use.
The Security Analyzer is helpful, but it has boundaries you should be aware of:
Log in
